Reverse proxy ignores ca_file #1279

Closed
dmitriyvolk opened this issue Oct 13, 2022 · 5 comments
Labels
Bug Bug report in proxy server


@dmitriyvolk
Contributor

Check FAQs
Please check Frequently Asked Questions
before opening a bug report.

Describe the bug
Reverse proxy ignores the ca_file argument.

When the reverse proxy calls upstream.wrap() (https://github.com/abhinavsingh/proxy.py/blob/develop/proxy/http/server/reverse.py#L97) it omits the ca_cert argument. Therefore the SSLContext being created doesn't have the CA file.

This makes it impossible to reverse-proxy to servers with self-signed certificates, which is exactly what I need to do in some cases.

To Reproduce
Steps to reproduce the behavior:

  1. Run proxy.py as 'proxy --enable-reverse-proxy --plugins --ca-file '
  2. Deploy an HTTPS server with a self-signed certificate listening at https://myserver
  3. Have MyPlugin like this:

```python
from typing import List, Tuple, Union
from proxy.http.server import ReverseProxyBasePlugin

class MyPlugin(ReverseProxyBasePlugin):
    # Route /blah to the HTTPS upstream that presents a self-signed certificate.
    def routes(self) -> List[Union[str, Tuple[str, List[bytes]]]]:
        return [
            (r"/blah$", [b"https://myserver/"]),
        ]
```

  4. Do curl http://localhost:8899/blah to trigger error
  5. See error

```
2022-10-12 19:38:32,768 - pid:45420 [W] handler.handle_readables:234 - Exception when receiving from client connection#29 with reason SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')
```

Expected behavior
Upstream connection succeeds.

Version information

  • OS: macOS Monterey
  • Browser: curl
  • Device: MBP
  • proxy.py Version: 2.4.3

Additional context
N/A

Screenshots
N/A
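The failure mode reported above, reproduced locally as an added example (not code from proxy.py or from the issue author): a client context that never loads the CA file rejects a self-signed upstream, while loading it lets the handshake succeed with certificate and hostname verification still enabled. The function names are hypothetical, the certificate is constructed test data, and the `openssl` CLI (1.1.1 or later) is assumed to be on PATH.

```python
import socket
import ssl
import subprocess
import tempfile
import threading

def make_self_signed(workdir):
    """Create a throwaway self-signed cert for 'localhost' (constructed test data)."""
    cert, key = f"{workdir}/cert.pem", f"{workdir}/key.pem"
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
         "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

def serve(listener, cert, key, count):
    """Stand-in upstream: accept `count` connections and try a TLS handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    for _ in range(count):
        conn, _addr = listener.accept()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                tls.recv(1)
        except (ssl.SSLError, OSError):
            pass  # client rejected the certificate or closed early

def upstream_handshake(port, ca_file=None):
    """Connect as a proxy would; verification and hostname check stay enabled."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_default_certs()
    if ca_file:  # the step the issue reports as skipped
        ctx.load_verify_locations(cafile=ca_file)
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        cert, key = make_self_signed(workdir)
        with socket.create_server(("127.0.0.1", 0)) as listener:
            port = listener.getsockname()[1]
            threading.Thread(target=serve, args=(listener, cert, key, 2), daemon=True).start()
            return upstream_handshake(port), upstream_handshake(port, ca_file=cert)

if __name__ == "__main__":
    print(demo())
```

Trusting the specific CA file keeps `CERT_REQUIRED` and hostname checking in force, unlike the common workaround of turning verification off for the upstream.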

@dmitriyvolk
Contributor Author

The PoC PR #1280 makes it work as expected.

@ddl-ebrown

Looks like #1283 implemented this around 6 months ago, but it still hasn't shipped in a release yet. Are you cutting a new release anytime soon @abhinavsingh ? Thanks!

@abhinavsingh
Owner

@ddl-ebrown Thanks for reminding me about it. Just started release workflow for v2.4.4rc4 https://github.com/abhinavsingh/proxy.py/actions/runs/4417674343 , should be out soon.

@ddl-ebrown

Awesome - thank you!

@abhinavsingh
Owner

#1397 addressed this, closing now.
